Introduction

With the following Data Protection Declaration, we hope to be able to provide information about the types of your personal data (hereinafter also referred to as “data”) that we process, as well as the reasons for and extent of that processing. The Data Protection Declaration applies to all of the processing of personal data carried out by us, both in the course of the provision of our services and in particular on our websites, in mobile applications as well as within external online sites, such as our social media profiles (hereinafter referred to collectively as the “online content”).

The terms used are not gender-specific.

Version: January 12, 2024

Privacy Policy

The S-MILES CLOUD APP (“the APP”) is the management system used in the smart PV solution from Hoymiles Power Electronics Inc. (hereinafter referred to as “Hoymiles”) to allow PV device installers and PV device owners to monitor and manage their equipment and smart PV devices. This Data Protection Declaration explains the data protection practices of the APP for the user.

The S-MILES CLOUD commitment to data protection

The S-MILES CLOUD respects your entitlement to privacy. Your ability to make informed decisions concerning the use of your data is important to us. This Data Protection Declaration explains the S-MILES CLOUD policies regarding the collection, use, disclosure, and protection of personal data. The terms of this Data Protection Declaration apply to information collected from you unless there are other terms specified as part of a special offer or in a different form or contract that we provide to you.

Types of Data Processed

Categories of Data Subjects

Purposes of Processing

We process data of our contractual and business partners, e.g., customers and interested parties (referred to collectively as “contractual partners”) in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual (or pre-contractual) partners, e.g., to answer inquiries.

We process this data in order to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any obligations regarding updating, and remedies for warranty problems and other service issues. Furthermore, we process the data to protect our rights, perform administrative tasks associated with these obligations, and organize our business. Furthermore, we process the data based on our legitimate interests in correct business management, as well as in security measures to protect our contractual partner and our business operations from misuse, risks to your data, secrets, information, and rights (e.g., for the participation of telecommunications, transportation, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). In accordance with the applicable law, we only pass data from contractual partners on to third parties as required for the aforementioned purpose or for the fulfillment of legal obligations. The contractual partner will be informed about other forms of processing, e.g., for marketing purposes, in the context of this Data Protection Declaration.

We will inform the contractual partners which data is required for the aforementioned purposes, either before or during the data collection process, e.g., in online forms, through special markings (e.g., color coding) or symbols (e.g., asterisks, etc.), or in person.

We delete the data after the expiry of the statutory warranty and comparable obligations, i.e., in principle, after a period of 4 years unless the data is stored in a customer account, e.g., as long as it needs to be stored for legal reasons governing archiving. The statutory period is ten years for tax-related documents, as well as for trading books, inventories, opening balance sheets, annual financial statements, work instructions, and other administrative documents and accounts, and six years for commercial and business letters received and copies of commercial and business letters sent. This period commences at the end of the calendar year in which the last entry was made in the book, or the inventory, opening balance sheet, annual financial statement or management report was prepared, or the commercial or business letter received or sent, or the account created, recording made or other document created.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and the data protection information of these third-party providers or platforms shall apply to the relationship between the users and providers.

More Information on Data Processing, Procedures, and Services:

Relevant Legal Principles Under GDPR: Below, you will find an overview of the GDPR legal principles implemented by us as the basis for personal data processing. Please note that, in addition to the provisions of the GDPR, there may be national data protection regulations applicable in your or our country of residence or domicile. Where there are more specific legal principles also relevant in individual cases, we will inform you about them in the Data Protection Declaration.

National Data Protection Regulations in Germany: In addition to the GDPR data protection regulations, the national regulations concerning data protection in Germany shall apply. In particular, this includes the law covering misuse of personal data in data processing (BDSG - the German Federal Data Protection Act). The BDSG, in particular, contains special regulations concerning the right to information, right to deletion, right to objection, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, individual federal state data protection laws may apply.

Security Measures

In accordance with the legal requirements, we take appropriate technical and organizational measures, taking account of the state of the art, the implementation costs, and the type, scope, circumstances, and purposes of the processing as well as the varying probabilities of occurrence, and the extent of any threat to the rights and freedoms of individuals, in order to ensure an appropriate level of protection for the risk.

The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as data access, input, disclosure, ensuring availability and separation. We have also established procedures to ensure the exercise of the rights of the data subject, deletion of data, and responses to threats to the data. Furthermore, we already take the protection of personal data into account when developing or selecting hardware, software, and procedures, following the principle of data protection through technology design and default privacy settings.

TLS/SSL encryption (https): For the protection of user data transmitted via our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology used to secure Internet connections by encrypting the data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is shown in the URL wherever a website is secured by an SSL/TLS certificate.

Collecting Personal Data

We collect personal data provided to us by those who:

When using the APP, the execution log information is recorded, including IP information, app error information, your operating information, and information about interaction with devices. After exporting device logs, the app will save a copy of the device logs that may contain important execution parameters and alarm information for the devices. This app will not collect any other logs on your mobile phone without authorization. All the logs are stored locally and are not uploaded to the server. You can upload logs to the server manually to analyze log information, diagnose the execution status of the applications, and identify and locate any application errors.

We can collect some information automatically when you visit the APP, such as the application with which you connected to us, as well as the time and date of your visit, any purchases, and activities. We also collect information received from third parties, where they have stated that they have entered into an agreement concerning the connectivity of the Hoymiles products with the APP. The APP does not intentionally collect any personal data from children under the age of 16, and you need to be at least 18 years old to set up an account in the APP.

Use of Personal Data

As part of our processing of personal data, the data may sometimes be transmitted to other bodies, companies, legally independent organizational entities, or individuals or disclosed to them. Those receiving this data may include, for example, service providers commissioned with IT tasks or providers of services and content integrated into a website. In these cases, we comply with the legal requirements and, in particular, conclude corresponding contracts or agreements with data recipients to protect your data.

The personal data collected by us is used to identify security issues on devices, protect plant security, process your requests or transactions, send you important notifications (e.g., alarms, regular maintenance, as well as update and installation notifications), correct application errors, provide a high-quality service for you, and customize the APP according to your preferences, as well as inform you about certain goods and services that we believe to be of potential interest to you. If you prefer not to receive promotional information from us, we will make it easy for you to tell us this. You can contact us at any point to refuse advertising information (see “Selection” section below).

Transfer of Personal Data

The S-MILES CLOUD will not sell or transfer personal data to a third party without your prior consent. The S-MILES CLOUD will not share or disclose personal data to third parties without your prior consent, except in the limited circumstances described below in the “Disclosures” section.

International Data Transfer

Data processing in third countries: If we process data in a third country (i.e., a country outside the European Union (EU) or the European Economic Area (EEA)), or if the processing is carried out in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only take place in compliance with the legal requirements. If the level of data protection in the third country has been recognized by an adequacy decision (GDPR Art. 45), this forms the basis for the data transfer. Otherwise, data transfers will only take place where the level of data protection is otherwise secured, in particular by standard contractual clauses (GDPR Art. 46 Section 2 Subsection c), explicit consent, or in the case of legally required or contractual transmission (GDPR Art. 49 Section 1). In addition, we will inform you about the basic aspects of the third-country transmission with individual providers from the third country, with adequacy decisions taking precedence as the foundation. Information about transfers to third countries and existing adequacy decisions is included in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

EU-US Trans-Atlantic Data Privacy Framework: As part of the “Data Privacy Framework” (DPF), the EU Commission has also recognized the level of data protection as secure for specific companies from the USA in the context of the adequacy decision of 10.07.2023. The list of certified companies and further information about the DPF are provided on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English). In the context of data protection information, we will tell you which service providers we use, certified under the Data Privacy Framework.

Disclosures

We may disclose personal data in good faith, with the belief that we are required to do so by law or that it is reasonably necessary in order to comply with legal processes or contractual requirements, respond to claims, or protect the rights, property, or personal safety of Hoymiles, our customers, or the public. Information about our customers, including personal data, may be disclosed if this is necessary for legitimate purposes, e.g., as part of or during negotiations for a merger, sale of company assets, or acquisition. With the exceptions indicated above, we hold a policy of obtaining an individual’s consent if we intend to process their personal data.

Protection of Personal Data

The S-MILES CLOUD has implemented security measures to protect personal data against loss, misuse, or modification as long as they are under our control. The personal data that we collect is stored electronically. We implement technical, contractual, administrative, and physical measures to protect ourselves from unauthorized access.

Account information is accessible online only with the use of a password. To protect the confidentiality of personal data, you must keep your password confidential and not disclose it to others. If there are other people with access to your e-mail address, they could obtain access to your password and receive personal data concerning you, or they could change information about your user profile.

Although we take appropriate measures to safeguard the information stored in our database, and we ensure that access to information is restricted solely to those employees who need that access to carry out their professional duties, such as our customer service and technical personnel, we cannot guarantee the security of account information. The security of account information could be compromised at any time by unauthorized access or use, hardware or software failure, and other factors. We cannot guarantee the security of the information that you provide to us, so we do urge you to take every precaution to protect your personal data when you are online. Make sure you change your passwords frequently and use a combination of letters and numbers. Make sure you use a secure browser.

Aggregated Data

Personal data does not include “aggregated” data. Aggregated data is data that we collect about a group or category of products, services, or customers, from which individual customer identities have been removed, and this information cannot be used to identify a specific individual. Aggregated data also includes all information or data that we collect from inverters and power optimizers and that is available to you via the S-MILES CLOUD. In other words, information about the way you use a service may be collected and combined with information about how other people use the same service, but the resulting data will not include any personal data. Similarly, information about the products or services that you have used or purchased is collected and combined with information about products and services used or purchased by others, but the resulting data will not include any personal data. Among other things, aggregated data is used to help understand trends and customer requirements when considering new products and services and adjust existing products and services to match customer preferences.

The S-MILES CLOUD recognizes the importance of protecting the privacy of the personal data that you provide to us. The S-MILES CLOUD uses and publishes anonymized aggregated data for the purpose of evaluating and improving our services and customizing our products, as well as for commercial purposes. The S-MILES CLOUD may decide, at its own sole discretion, to transfer, sell, provide, or disclose such information to third parties, including Hoymiles' business partners, for commercial purposes.

Deletion of Data

The data processed by us will be deleted immediately, in accordance with the legal requirements, if you withdraw your consent for processing or if other permissions are no longer applicable (e.g., if the purpose for processing this data ceases to apply, or it is not required for the purpose). If the data is not deleted because it is required for other legally permissible purposes, processing of this data will be limited solely to those purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another individual or legal entity. Our data protection notices may also include further information on the storage and deletion of data, primarily applicable to relevant processing operations.

What are cookies, and do you have to accept them?

Read more about our cookie policy.

Online Links to Other Websites

The APP enables users to link to other third-party websites that provide useful information. All information provided by you on such linked sites is provided directly to the third party concerned and is subject to the third party's privacy policy. The APP is not responsible for the content or the data protection practices of the linked websites. Links from the APP to third-party or other websites are provided for your convenience. We encourage you to learn about the data protection practices of individual websites before you provide any data to them.

Updating, Checking, or Correcting Personal Data

You can update, check, or correct your online account information in the S-MILES CLOUD at any time by accessing your password-protected personal account management page. You can also contact us to correct any other information about yourself by emailing us at service@hoymiles.com or by calling us at the phone numbers provided at https://www.hoymiles.com/contact-us/.

Questions or Concerns

If you have any questions or concerns about this Data Protection Declaration or you would like to contact us for any reason, you can call us at the phone numbers provided at https://www.hoymiles.com/contact-us/ or use any other contact method indicated in the “Selection” section.

Changes to This Declaration

The APP reserves the right to change this Data Protection Declaration at any time, but will notify you of any changes made by indicating the date of the most recent update at the end of the Data Protection Declaration. We encourage you to read our Data Protection Declaration to ensure that you understand how your data will be used. If any substantial change is ever made in the way that we use your data, and the new uses are not related to the uses mentioned in this declaration, the new version of the privacy policy will be presented in the APP to give you the choice of accepting or acknowledging those changes before continuing to use the APP.

Rules of Use for Third-party SDKs or APIs

In order to provide and optimize our services, the APP uses the Baidu Maps SDK, Google Maps SDK, and Bugly SDK. The Baidu Maps SDK and Google Maps SDK are used for geolocation: (1) selecting the plant location on the map when you are building a plant, and (2) showing plant locations on the map. The Bugly SDK is used to count and record the bug logs generated while the APP is running, for bug analysis.

(1) You can find the data protection declaration for the Baidu Maps SDK here:

https://map.baidu.com/zt/client/privacy/index.html

(2) You can find the data protection declaration for the Google Maps SDK here:

https://policies.google.com/privacy?hl=zh-CN&gl=sg

(3) You can find the privacy policy for the Bugly SDK here:

https://static.bugly.qq.com/bugly-sdk-privacy-statement.pdf

User Registration

Legal Notice

Consent

If you send us any inquiries during registration, we will store your information provided in the inquiry form, including your contact details, to process the inquiry and any potential follow-up questions. We will not pass on this data without your consent.

The data entered during registration is, therefore, processed exclusively on the basis of your consent (GDPR Art. 6 Section 1 Subsection a). You may revoke this consent at any time. It is sufficient to notify us informally by e-mail of your wish to revoke the consent. The legality of the data processing operations carried out prior to the revocation of the consent stands unaffected.

The data you provide us during registration will remain with us until you ask us to delete it or revoke your consent to its storage or the purpose of its storage ceases to apply (e.g., after your request has been processed). Mandatory legal provisions, in particular retention periods, remain unaffected.

Social Media

We maintain our online content within social networks and process user data in this context in order to communicate with active users there or to provide information about us.

We would like to point out that user data may be processed outside the European Union. This could present risks for users because, for example, it could make it more difficult to enforce user rights.

Moreover, user data within social networks will usually be processed for market research and advertising purposes. For example, usage behaviors and the resulting interests of users can be processed to form usage profiles. Such usage profiles can then be used, for example, to place advertisements within and outside of social networks that are presumably appropriate to user interests. For these purposes, cookies are usually stored on users’ computers, where the usage behavior and interests of the user are stored. Moreover, data can also be stored in usage profiles independently of the devices used by users (especially if users are members of the respective platforms and are logged in to them).

For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection declarations and the information provided by operators of the respective networks.

Regarding requests for information and assertion of the rights of data subjects, we also wish to note that these can be asserted most effectively with the providers. Only the providers have access to user data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

More Information on Data Processing, Procedures, and Services:

Google Analytics

Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online content in the sense of GDPR Art. 6 Section 1 Subsection f), we use Google Analytics, a web analysis service from Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of the online content by the users is usually transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement, offering a guarantee that it will comply with European data protection law (https://www.privacyshield.gov/…000001L5AAI&status=Active).

Google will use this information on our behalf to evaluate the use of our online content by users, to compile reports on activities within this online content, and to provide us with other services related to the use of this online content and the Internet. As part of this process, pseudonymous usage profiles of users may be generated using the data processed.

We only use Google Analytics with IP anonymization activated. This means that Google will shorten the user's IP address within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and shortened there under exceptional circumstances.

The IP address sent by the user’s browser will not be merged with other data from Google. Users can prevent cookies from being stored by setting up their browser software appropriately; users can also prevent Google from collecting data generated by cookies related to their use of the online content and from processing such data by downloading and installing the browser plug-in available on the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information on data usage by Google, settings, and opt-out options is provided in Google's data protection declaration (https://policies.google.com/technologies/ads) as well as in the settings for advertisements displayed by Google (https://adssettings.google.com/authenticated).

Users’ personal data will be deleted or anonymized after a period of 14 months.

Target Group Creation with Google Analytics

We use Google Analytics to display advertisements placed by Google and its partners within advertising services only to those users who have also shown an interest in our online content or who have specific characteristics (e.g., interests in particular topics or products based on the websites visited) that we send to Google (“Remarketing” or “Google Analytics Audiences”). With the help of Remarketing Audiences, we also hope to ensure that our advertisements are appropriate for the potential interest of users.

Rights of the Data Subjects

Rights of the data subjects under the GDPR: As a data subject, you hold various rights under the GDPR, in particular arising from GDPR Art. 15 to 21: